Difference between pages "Rootfs over encrypted lvm" and "Package:Debian-sources"

(Created page with "{{Ebuild |Summary=This is the Debian kernel. This is default recommended kernel to use in http://www.funtoo.org/Funtoo_Linux_Installation |CatPkg=sys-kernel/debian-sources |Ma...")

Line 1:

Line 1:

−

This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted drive. It is not meant to be a standalone installation guide, rather, it is meant to be read alongside the [[Funtoo Linux Installation]] Guide.

+

{{Ebuild

−

+

|Summary=This is the Debian kernel. This is default recommended kernel to use in http://www.funtoo.org/Funtoo_Linux_Installation

−

== Prepare the hard drive and partitions ==

+

|CatPkg=sys-kernel/debian-sources

−

This is an example partition scheme, you may want to choose differently.

+

|Maintainer=Oleg,

−

<code>/dev/sda1</code> used as <code>/boot</code>. <code>/dev/sda2</code> will be encrypted drive with LVM.

+

|Homepage=http://www.funtoo.org/Funtoo_Linux_Kernels

−

* <code>/dev/sda1</code> -- <code>/boot</code> partition.

+

−

* <code>/dev/sda2</code> -- BIOS boot partition (not needed for MBR - only needed if you are using GPT) This step required for GRUB2. For more info, see: [http://www.funtoo.org/Funtoo_Linux_Installation#Prepare_Hard_Disk] for more information on GPT and MBR.

+

−

* <code>/dev/sda3</code> -- <code>/</code> partition, will be the drive with LUKS and LVM.

+

−

+

−

With UEFI:

+

−

* <code>/dev/sda1</code> -- <tt>/boot</tt>

+

−

* <code>/dev/sda2</code> -- <tt>/</tt> partition

+

−

+

−

=== Wipe the hard drive ===

+

−

<console>

+

−

# ##i##gdisk /dev/sda

+

−

+

−

Command: ##i##x ↵

+

−

Expert command: ##i##z ↵

+

−

About to wipe out GPT on /dev/sda. Proceed?: ##i##y ↵

+

−

GPT data structures destroyed! You may now partition the disk using fdisk or other utilities.

+

−

Blank out MBR?: ##i##y ↵

+

−

</console>

+

−

{{Fancywarning|This action will destroy all data on the disk.}}

+

−

+

−

== Encrypting the drive ==

+

−

Read more about different cipher options here: [http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/]

{{Fancywarning|The default keymap at boot time is '''us'''. If you enter your passphrase using a different keymap, you won't be able to unlock your crypt volume if the passphrase contains any characters that are located elsewere on your keyboard layout that with the us layout.}}

+

−

= Create logical volumes =

+

−

<console>

+

−

# ##i##pvcreate /dev/mapper/dmcrypt_root

+

−

# ##i##vgcreate vg /dev/mapper/dmcrypt_root

+

−

# ##i##lvcreate -L10G --name root vg

+

−

# ##i##lvcreate -L2G --name swap vg

+

−

# ##i##lvcreate -L5G --name portage vg

+

−

# ##i##lvcreate -l 100%FREE -nhome vg

+

−

</console>

+

−

Feel free to specify your desired size by altering the numbers after the -L flag. For example, to make your portage dataset 20GB's, use the flag -L20G instead of -L5G.

+

−

{{fancynote| Please, notice that above mentioned partitioning scheme is an example and not a default recommendation, change it accordingly to desired scheme.}}

+

−

+

−

= Create a filesystem on volumes =

+

−

<console>

+

−

# ##i##mkfs.ext2 /dev/sda1

+

−

# ##i##mkswap /dev/mapper/vg-swap

+

−

# ##i##mkfs.ext4 /dev/mapper/vg-root

+

−

# ##i##mkfs.ext4 /dev/mapper/vg-portage

+

−

# ##i##mkfs.ext4 /dev/mapper/vg-home

+

−

</console>

+

−

+

−

= Basic system setup =

+

−

<console>

+

−

# ##i##swapon /dev/mapper/vg-swap

+

−

# ##i##mkdir /mnt/funtoo

+

−

# ##i##mount /dev/mapper/vg-root /mnt/funtoo

+

−

# ##i##mkdir -p /mnt/funtoo/{boot,usr/portage,home}

+

−

# ##i##mount /dev/sda1 /mnt/funtoo/boot

+

−

# ##i##mount /dev/mapper/vg-portage /mnt/funtoo/usr/portage

+

−

# ##i##mount /dev/mapper/vg-home /mnt/funtoo/home

+

−

</console>

+

−

Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]

+

−

don't forget to emerge the following before your install is finished:

+

−

+

−

* '''cryptsetup'''

+

−

* '''lvm2'''

+

−

* '''a bootloader (grub recommended)'''

+

−

* '''kernel sources '''

+

−

+

−

= Editing the fstab =

+

−

Fire up your favorite text editor to edit <code>/etc/fstab</code>. You want to put the following in the file:

+

−

+

−

{{file|name=/etc/fstab|desc= |body=

+

−

# <fs> <mountpoint> <type> <opts> <dump/pass>

+

−

/dev/sda1 /boot ext2 noauto,noatime 1 2

+

−

/dev/mapper/vg-swap none swap sw 0 0

+

−

/dev/mapper/vg-root / ext4 noatime,nodiratime,defaults 0 1

+

−

/dev/sr0 /mnt/cdrom auto noauto,ro 0 0

+

−

/dev/mapper/vg-portage /usr/portage ext4 noatime,nodiratime 0 0

+

−

/dev/mapper/vg-home /home ext4 noatime,nodiratime 0 0

+

}}

}}

−

+

== Introduction ==

−

== Kernel options ==

+

This is the Debian kernel. It is roughly equal to a kernel shipped by Debian Linux in their releases. Ebuild now support the <code>binary</code> USE flag. The aim of this ebuild is to have support for near all possible hardware and users shouldn't really dig into configs, aka "install and forget". Daniel has added a special config-extract command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel.

−

{{fancynote| This part is particularly important: pay close attention. }}<br>

Debian-sources

Introduction

This is the Debian kernel. It is roughly equal to a kernel shipped by Debian Linux in their releases. Ebuild now support the binary USE flag. The aim of this ebuild is to have support for near all possible hardware and users shouldn't really dig into configs, aka "install and forget". Daniel has added a special config-extract command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel.